Consent Management/Access Control & Privacy Auditing

To best ensure patient privacy and clinical access to healthcare information, you need both:

Consent Management – incorporates access control mechanisms that allow the system to proactively block inappropriate access to a patient’s PHI according to privacy policies established by the patient, the healthcare organization and the jurisdiction.

Consent management enables individuals to establish privacy preferences to decide who may use or disclose their PHI, what PHI may be accessed, for what purposes, and under what circumstances.

It also supports the creation, management and enforcement of individual, organizational and jurisdictional privacy policies through access control mechanisms.

Role-based access control is inadequate for managing privacy policies. Consent management allows you to block access to PHI in accordance with privacy preferences. This enforces appropriateness of access, even when a user’s role would typically permit access.

Our standards-based auditing software generates a real-time audit trail of all access – and attempted access – to PHI and privacy policies. And when a clinician overrides a privacy restriction (break-the-glass access to PHI), the privacy officer is automatically notified by email. This allows the privacy officer to follow up on the potential breach, and make the patient aware of the situation and the reason for it.

Examples of inappropriate attempted access to PHI include a clinician who tries to access PHI and is permitted by virtue of their role, but the patient has disallowed it, and a clinician who attempts to access PHI and is permitted by virtue of their role, but the patient is not under their care.
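The decision flow described above, sketched as an added example (not the vendor's product code): a role check followed by the patient's consent directives and the care relationship, with every attempt audited and break-the-glass overrides flagged for the privacy officer. All role names, categories, identifiers and the override rules marked as assumptions are hypothetical; the email notification is represented by a flag.

```python
from dataclasses import dataclass, field

# Constructed sample policy: role names and PHI categories are hypothetical.
ROLE_PERMS = {"physician": {"lab_results", "mental_health"}, "clerk": set()}
AUDIT = []  # real-time trail of every access and attempted access


@dataclass
class Patient:
    pid: str
    care_team: set                              # user ids treating this patient
    denied: set = field(default_factory=set)    # (user_id, category) blocked by the patient


@dataclass
class Decision:
    allowed: bool
    reason: str
    notify_privacy_officer: bool = False


def check_access(user_id, role, patient, category, break_glass=False, justification=""):
    """Role check first, then the patient's consent directives and care relationship."""
    if category not in ROLE_PERMS.get(role, set()):
        d = Decision(False, "role_denied")
    elif (user_id, category) in patient.denied:
        d = Decision(False, "patient_consent_denied")
    elif user_id not in patient.care_team:
        d = Decision(False, "not_under_care")
    else:
        d = Decision(True, "permitted")
    # Assumption: break-the-glass lifts a privacy restriction only, never a role
    # denial, and requires a stated reason the privacy officer can follow up on.
    privacy_block = not d.allowed and d.reason != "role_denied"
    if break_glass and privacy_block and justification.strip():
        d = Decision(True, "break_glass:" + d.reason, notify_privacy_officer=True)
    AUDIT.append({"user": user_id, "patient": patient.pid, "category": category,
                  "allowed": d.allowed, "reason": d.reason,
                  "justification": justification, "notify": d.notify_privacy_officer})
    return d


def pending_notifications():
    """Audit entries the privacy officer must be told about (overrides)."""
    return [e for e in AUDIT if e["notify"]]
```

Denied attempts are written to the audit trail with the same detail as granted ones, so the two inappropriate-access cases above are visible to a reviewer even though no PHI was released.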